Apple Launches Bug Bounty Program With Payout of up to $200,000

Apple said Thursday that it will offer up to $200,000 to researchers who find critical security bugs in its products. The company made the announcement at the Black Hat cyber security conference in Las Vegas.

The program, which launches in September, will offer cash rewards for working exploits that target the latest version of iOS or the most recent generation of hardware, the company said.

This marks the first time that Apple has made such an offer, and it joins a list of other companies that have previously made similar offers. Notably, the Department of Defense, Uber and Fiat Chrysler have recently launched their own versions of such programs. Google, specifically, has paid out more than $20 million in bug bounties this past year, targeting vulnerabilities in Android.

According to Apple, the program will be invite-only at the initial stage, with room for opening the floor to others later down the line.

Apple’s program will be based on five categories of risk, each with its own level of remuneration. They include up to $200,000 for vulnerabilities in secure boot firmware components; up to $50,000 for execution of arbitrary or malicious code with kernel privileges; and up to $50,000 for access to iCloud account data on Apple servers.

The others are up to $25,000 for access from a sandboxed process to user data outside the sandbox, and up to $100,000 for vulnerabilities that allow extraction of confidential material from the Secure Enclave.